-
Notifications
You must be signed in to change notification settings - Fork 42
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Support Rejected -> Published #195
Comments
@zmanion - that seems a correct summary. CVE Services allows updating CVE Records from REJECTED to PUBLISHED. However, Vulnogram does not allow it in at least one use case:
Workaround described by zmanion above. |
RESERVED -> REJECTED is permitted by Services and supported by Vulnogram. Such an ID cannot be un-REJECTED or, at least using Vulnogram, Services returns CVE_RECORD_DNE. It is not possible to modify the Record ("Rejected Reason"), there is no Record at all (Services returns 404 for the /cve/ endpoint). https://cveawg-test.mitre.org/api/cve/CVE-2024-20642 PUBLISHED -> REJECTED is permitted by Services and supported by Vulnogram. Such an ID/Record can be un-REJECTED. In Vulnogram, you need to create a new record, re-populate it, and publish. So, I now dont' think this is a bug in Vulnogram, and probably doesn't require any action or change to Vulnogram. Loading a REJECTED (but previously published) Record can only possiby load the current Record data, which includes the rejectedReasons element. |
OK, maybe an enhancement then. In the view of Rejected IDs, indicate which exist as Records (had previously been Published), and provide an "unreject" or "re-edit" button or icon (maybe a green check mark in the Actions column). On click, load a new (CNA container) editor screen (equivalent to clicking the NEW button) with the (rejected, about to be republished) CVE-ID populated. |
The CVE Services do allow a record to move from Rejected to Published. In some interaction flows Vulnogram gives an error and does not allow this.
Load Rejected CVE ID using Load button?
Open existing JSON file with Rejected CVE ID?
Try to Post
Error
There is a workaround:
Click NEW
populate CVE ID manually (with a Rejected CVE ID)
populate fields manually (is it possible to just paste JSON into Source?)
CC @openmorse, can you review this behavior is accurate?
The text was updated successfully, but these errors were encountered: